Based on traditional IT cyber security means (e.g. DMZ, firewall, intrusion detection, auditing systems), HollySys general solution for Industrial Cyber Security adopts industrial cyber security measures (e.g. trusted computing technology, industrial communication protocol filtering, industrial control systems feature filtering) into industrial control system, and integrates functional safety design, to ensure systems’ operational safety and security, by the means of full lifecycle security management and maintenance (product development, engineering design, post-service, and so on).
In accordance with the industry characteristics of thermal power, as well as the requirements of Baseline for Classified Protection of Cybersecurity 2.0, Document No. 36 of the National Energy Administration, and other policy and regulations, the following cyber security protection plan is proposed for current, typical thermal power plant monitoring systems architecture. The plan adheres to the general policy of "security partitioning, network dedication, horizontal isolation and vertical authentication".
The following security protection plan is proposed according to the industry characteristics of urban rail transit integrated supervision and control system. In addition to the protection measures shown in the figure, wireless defensive equipment should be used to secure wireless communications. Each subsystem's access points should be secured through physical access control and other measures, and all communications between subsystems should adopt encryption and decryption measures.